[cryptography] Bonding or Insuring of CAs?

James A. Donald jamesd at echeque.com
Sat Jan 26 03:52:32 EST 2013

On 2013-01-26 8:31 AM, Paul Hoffman wrote:
> Since there isn't a strong list moderator here, I gotta ask: is this (and similar PKIX-is-broken threads) on-topic for this mailing list? Regardless of how much I agree with the sentiment, it seems to have nothing to do with cryptography. Maybe someone should set up a post-pki mailing list for such threads? (Or maybe I should be less cranky?)
Political solutions for PKI problems, such as bonding CAs seem obviously 
off topic for me.

But PKI problems are obviously on topic.  Most security problems occur 
at the interface between people and algorithms.  User interface is the 
hard problem of encryption.

So a people related security problem is on topic, and some solutions to 
that problem are on topic, and some are off topic.  The more the 
proposed solution is people dealing with people, the less it is on 
topic, and the more the proposed solution is people dealing with 
computers, the more it is on topic.

More information about the cryptography mailing list